diff options
| author | Linux Build Service Account <lnxbuild@localhost> | 2020-03-04 05:05:28 -0800 |
|---|---|---|
| committer | Linux Build Service Account <lnxbuild@localhost> | 2020-03-04 05:05:28 -0800 |
| commit | c2d66d09b87bf479e02baf001b7dce90ea21a040 (patch) | |
| tree | 0506cb82ecce44f8b1a70b4a7416b7f0fe919735 | |
| parent | 72802fd6481d11450659de932a08720243e2ced8 (diff) | |
| parent | 77c598e5a8e2fbcdfd1d43a474f3f18e4fb6e4dc (diff) | |
Merge 77c598e5a8e2fbcdfd1d43a474f3f18e4fb6e4dc on remote branch
Change-Id: I097a293c7c41cf5fa70a16c183492d913c27ce73
38 files changed, 127 insertions, 78 deletions
@@ -33,7 +33,6 @@ ifeq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM))) $(LOCAL_PATH)/generic/vendor/common \ $(LOCAL_PATH)/qva/vendor/common/sysmonapp \ $(LOCAL_PATH)/qva/vendor/ssg \ - $(LOCAL_PATH)/timeservice \ $(LOCAL_PATH)/qva/vendor/qwesas \ $(LOCAL_PATH)/qva/vendor/common @@ -57,7 +56,6 @@ ifneq (,$(filter sdm845 sdm710, $(TARGET_BOARD_PLATFORM))) $(LOCAL_PATH) \ $(LOCAL_PATH)/legacy/vendor/common/sysmonapp \ $(LOCAL_PATH)/legacy/vendor/ssg \ - $(LOCAL_PATH)/timeservice \ $(LOCAL_PATH)/legacy/vendor/common ifeq ($(TARGET_SEPOLICY_DIR),) diff --git a/generic/private/property_contexts b/generic/private/property_contexts index 072c1df8..47b554ac 100644 --- a/generic/private/property_contexts +++ b/generic/private/property_contexts @@ -27,3 +27,4 @@ ro.vendor.qti.va_aosp.support u:object_r:vendor_exported_system_prop:s0 exact bool ro.vendor.qti.va_odm.support u:object_r:vendor_exported_odm_prop:s0 exact bool +ro.netflix.bsp_rev u:object_r:vendor_exported_system_prop:s0 exact string diff --git a/generic/vendor/common/hal_imsrtp.te b/generic/vendor/common/hal_imsrtp.te index 0bce04dc..24b84097 100644 --- a/generic/vendor/common/hal_imsrtp.te +++ b/generic/vendor/common/hal_imsrtp.te @@ -47,3 +47,7 @@ r_dir_file(hal_imsrtp, sysfs_diag) get_prop(hal_imsrtp, ims_prop) binder_call(hal_imsrtp, radio) + +userdebug_or_eng(' +binder_call(hal_imsrtp, vtloopback_app) +') diff --git a/qva/vendor/common/mdm_helper.te b/generic/vendor/common/mdm_helper.te index 5da248c7..94e30a96 100644 --- a/qva/vendor/common/mdm_helper.te +++ b/generic/vendor/common/mdm_helper.te @@ -45,11 +45,23 @@ allow mdm_helper esoc_device:chr_file rw_file_perms; allow mdm_helper vendor_shell_exec:file rx_file_perms; allow mdm_helper mdm_helper_exec :file x_file_perms; +#Rampdump config +# +# User variant +# Probe for write access to vendor tombstones as the +# presense of tombstones on subsystem does not correlate +# to Android user/userdebug config +allow mdm_helper vendor_tombstone_data_file:dir r_dir_perms; +dontaudit mdm_helper vendor_tombstone_data_file:dir write; +# Userdebug/eng variant userdebug_or_eng(` -#Needed for ram dump storage allow mdm_helper vendor_tombstone_data_file:dir create_dir_perms; allow mdm_helper vendor_tombstone_data_file:file create_file_perms; ') +#Ramdump config END + +#Needed to kill its own forked process on efs sync +allow mdm_helper self:capability kill; #Needed by ks in order to access the efs sync partitions. allow mdm_helper block_device:dir r_dir_perms; diff --git a/generic/vendor/common/peripheral_manager.te b/generic/vendor/common/peripheral_manager.te index ee25cc97..f159b623 100644 --- a/generic/vendor/common/peripheral_manager.te +++ b/generic/vendor/common/peripheral_manager.te @@ -40,6 +40,9 @@ binder_call(vendor_per_mgr, rild) allow vendor_per_mgr self:capability net_bind_service; +# allow system reboot (for subsystem requests) +allow vendor_per_mgr self:capability sys_boot; + allow vendor_per_mgr firmware_file:file r_file_perms; allow vendor_per_mgr firmware_file:dir search; @@ -50,6 +53,9 @@ allow vendor_per_mgr ssr_device:chr_file { open read }; # Needed by libmdmdetect to get subsystem info and to check their states allow vendor_per_mgr sysfs_data:file r_file_perms; +# Get config property +get_prop(vendor_per_mgr, vendor_per_mgr_prop); + # Set the peripheral state property set_prop(vendor_per_mgr, vendor_per_mgr_state_prop); diff --git a/generic/vendor/common/property.te b/generic/vendor/common/property.te index a5ae8764..edf06302 100644 --- a/generic/vendor/common/property.te +++ b/generic/vendor/common/property.te @@ -37,6 +37,7 @@ type ipacm-diag_prop, property_type; type vendor_modem_diag_prop, property_type; type msm_irqbalance_prop, property_type; type vendor_per_mgr_state_prop, property_type; +type vendor_per_mgr_prop, property_type; type vendor_dataqti_prop, property_type; type vendor_dataqdp_prop, property_type; type vendor_ramdump_prop, property_type; diff --git a/generic/vendor/common/property_contexts b/generic/vendor/common/property_contexts index 6c47b1ec..782a6ec1 100644 --- a/generic/vendor/common/property_contexts +++ b/generic/vendor/common/property_contexts @@ -72,6 +72,7 @@ ro.vendor.display. u:object_r:vendor_display_prop:s0 persist.vendor.display. u:object_r:vendor_display_prop:s0 vendor.gralloc. u:object_r:vendor_gralloc_prop:s0 vendor.peripheral. u:object_r:vendor_per_mgr_state_prop:s0 +ro.vendor.peripheral. u:object_r:vendor_per_mgr_prop:s0 vendor.ims. u:object_r:ims_prop:s0 ro.vendor.build.software.version u:object_r:ims_prop:s0 persist.vendor.ims. u:object_r:ims_prop:s0 diff --git a/generic/vendor/common/seapp_contexts b/generic/vendor/common/seapp_contexts index ed76f8d0..4e6755c4 100644 --- a/generic/vendor/common/seapp_contexts +++ b/generic/vendor/common/seapp_contexts @@ -27,6 +27,9 @@ # A fallback in case tango_core is missing something critical that untrusted_app provides user=_app seinfo=tango name=com.google.tango:app domain=untrusted_app type=app_data_file levelFrom=user +#Needed for time service apk +user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all + # AtFwd app user=_app seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=app_data_file levelFrom=all diff --git a/generic/vendor/common/vendor_init.te b/generic/vendor/common/vendor_init.te index 84e0eee0..f811f76e 100644 --- a/generic/vendor/common/vendor_init.te +++ b/generic/vendor/common/vendor_init.te @@ -91,6 +91,10 @@ set_prop(vendor_init, sensors_prop) #Access vendor bluetooth properties set_prop(vendor_init, vendor_bluetooth_prop) + +#Access peripheral manager config +set_prop(vendor_init, vendor_per_mgr_prop) + userdebug_or_eng(` allow vendor_init proc_security:file rw_file_perms; ') diff --git a/generic/vendor/test/vtloopback_app.te b/generic/vendor/test/vtloopback_app.te index 77a6e3af..d78c8dfb 100644 --- a/generic/vendor/test/vtloopback_app.te +++ b/generic/vendor/test/vtloopback_app.te @@ -35,6 +35,7 @@ binder_call(vtloopback_app, hal_imsrtp) allow vtloopback_app hal_imsrtp_hwservice:hwservice_manager find; allow vtloopback_app cameraserver_service:service_manager find; allow vtloopback_app mediaserver_service:service_manager find; +allow vtloopback_app gpu_service:service_manager find; get_prop(vtloopback_app, ims_prop) allow vtloopback_app { app_api_service activity_service }:service_manager find; ') diff --git a/legacy/vendor/common/hal_imsrtp.te b/legacy/vendor/common/hal_imsrtp.te index 51e6f23b..4ec4b3f8 100644 --- a/legacy/vendor/common/hal_imsrtp.te +++ b/legacy/vendor/common/hal_imsrtp.te @@ -61,3 +61,7 @@ allow hal_imsrtp sysfs_data:file r_file_perms; get_prop(hal_imsrtp, qcom_ims_prop) binder_call(hal_imsrtp, radio) + +userdebug_or_eng(' +binder_call(hal_imsrtp, vtloopback_app) +') diff --git a/legacy/vendor/common/netmgrd.te b/legacy/vendor/common/netmgrd.te index dc55ac48..e3453e97 100644 --- a/legacy/vendor/common/netmgrd.te +++ b/legacy/vendor/common/netmgrd.te @@ -101,6 +101,7 @@ hwbinder_use(netmgrd) binder_call(netmgrd, netd) allow netmgrd system_net_netd_hwservice:hwservice_manager find; +allow netmgrd self:capability { net_admin net_raw setgid setpcap setuid kill }; allow netmgrd sysfs_net:dir r_dir_perms; allow netmgrd sysfs_net:file rw_file_perms; diff --git a/legacy/vendor/common/seapp_contexts b/legacy/vendor/common/seapp_contexts index ad69b180..e848ae43 100644 --- a/legacy/vendor/common/seapp_contexts +++ b/legacy/vendor/common/seapp_contexts @@ -37,6 +37,9 @@ user=_app seinfo=platform name=com.qualcomm.telephony domain=qtelephony type=app #Add new domain for QDMA user=system seinfo=platform name=com.qualcomm.qti.qdma domain=qdma_app type=system_app_data_file +# Add time service app +user=_app seinfo=platform name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all + #Add new domain for logkit services user=system seinfo=platform name=com.qualcomm.qti.logkit domain=qti_logkit_app type=system_app_data_file diff --git a/legacy/vendor/test/vtloopback_app.te b/legacy/vendor/test/vtloopback_app.te index 7b40c825..d0b1242b 100755 --- a/legacy/vendor/test/vtloopback_app.te +++ b/legacy/vendor/test/vtloopback_app.te @@ -35,6 +35,7 @@ binder_call(vtloopback_app, hal_imsrtp) allow vtloopback_app hal_imsrtp_hwservice:hwservice_manager find; allow vtloopback_app cameraserver_service:service_manager find; allow vtloopback_app mediaserver_service:service_manager find; +allow vtloopback_app gpu_service:service_manager find; get_prop(vtloopback_app, qcom_ims_prop) allow vtloopback_app { app_api_service activity_service }:service_manager find; ') diff --git a/qva/private/seapp_contexts b/qva/private/seapp_contexts index 0eba5016..6a92d1d1 100644 --- a/qva/private/seapp_contexts +++ b/qva/private/seapp_contexts @@ -26,4 +26,4 @@ # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. #Add new domain for qti value added Location apps -user=system seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=location_app type=system_app_data_file
\ No newline at end of file +user=system seinfo=platform name=com.qualcomm.location.XT isPrivApp=true domain=location_app type=system_app_data_file diff --git a/qva/public/attributes b/qva/public/attributes index 870049ac..477d0cf6 100644 --- a/qva/public/attributes +++ b/qva/public/attributes @@ -28,3 +28,7 @@ attribute sigmahal; attribute sigmahal_server; attribute sigmahal_client; + +attribute hal_spu; +attribute hal_spu_client; +attribute hal_spu_server; diff --git a/qva/vendor/bengal/file_contexts b/qva/vendor/bengal/file_contexts index a607e41f..ba05fce0 100644 --- a/qva/vendor/bengal/file_contexts +++ b/qva/vendor/bengal/file_contexts @@ -169,3 +169,13 @@ # same process HAL libs /vendor/lib(64)?/hw/vulkan\.bengal\.so u:object_r:same_process_hal_file:s0 /vendor/lib(64)?/hw/gralloc\.bengal\.so u:object_r:same_process_hal_file:s0 + +# Bluetooth LAZY HAL +/vendor/bin/hw/android\.hardware\.bluetooth@1\.0-service-qti-lazy u:object_r:hal_bluetooth_default_exec:s0 + +################################### +# sysfs files +# +/sys/devices/virtual/block/dm-[0-6]/queue/read_ahead_kb u:object_r:sysfs_mmc_host:s0 + +/sys/devices/platform/soc/1b40000.qfprom/qfprom0/feat_conf10 u:object_r:sysfs_qfprom:s0 diff --git a/qva/vendor/bengal/genfs_contexts b/qva/vendor/bengal/genfs_contexts index 5dc86970..6309ea54 100644 --- a/qva/vendor/bengal/genfs_contexts +++ b/qva/vendor/bengal/genfs_contexts @@ -42,6 +42,7 @@ genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d000/leds u:object_r:sysfs_graphics:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,leds@d300/leds u:object_r:sysfs_leds:s0 genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-03/1c40000.qcom,spmi:qcom,pmi632@3:qcom,vibrator@5700/leds/vibrator u:object_r:sysfs_leds:s0 +genfscon sysfs /devices/platform/soc/1c40000.qcom,spmi/spmi-0/spmi0-01/1c40000.qcom,spmi:qcom,pm2250@1:qcom,vibrator@5600/leds/vibrator u:object_r:sysfs_leds:s0 # Power supply device nodes @@ -62,6 +63,7 @@ genfscon sysfs /devices/platform/soc/soc:qcom,cpu0-cpu-ddr-latfloor/devfreq u:ob genfscon sysfs /devices/platform/soc/soc:qcom,cpu-cpu-ddr-bw/devfreq u:object_r:sysfs_devfreq:s0 #net sysfs +genfscon sysfs /devices/platform/soc/c800000.qcom,icnss u:object_r:sysfs_net:s0 #fps sysfs-node diff --git a/qva/vendor/common/attributes b/qva/vendor/common/attributes index 62d70f63..c06997bb 100644 --- a/qva/vendor/common/attributes +++ b/qva/vendor/common/attributes @@ -119,10 +119,6 @@ attribute hal_bluetooth_dun; attribute hal_bluetooth_dun_client; attribute hal_bluetooth_dun_server; -attribute hal_spu; -attribute hal_spu_client; -attribute hal_spu_server; - attribute hal_embmssl; attribute hal_embmssl_client; attribute hal_embmssl_server; diff --git a/qva/vendor/common/cnd.te b/qva/vendor/common/cnd.te index b4d2b743..9444bf01 100644 --- a/qva/vendor/common/cnd.te +++ b/qva/vendor/common/cnd.te @@ -61,6 +61,10 @@ allowxperm cnd self:udp_socket ioctl wlan_sock_ioctls; add_hwservice(cnd, hal_latency_hwservice) +add_hwservice(cnd,hal_slmadapter_hwservice) + +get_prop(cnd,slm_prop) + ############################################################## #for using public interface vendor.qti.data.factory #client should add their domain to cnd.te diff --git a/timeservice/keys.conf b/qva/vendor/common/dataservice_app.te index a9e20b6c..8a80e161 100644 --- a/timeservice/keys.conf +++ b/qva/vendor/common/dataservice_app.te @@ -25,5 +25,4 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -[@TIMESERVICE] -ALL : device/qcom/sepolicy/timeservice/timeservice_app_cert.x509.pem +allow dataservice_app hal_slmadapter_hwservice:hwservice_manager find; diff --git a/qva/vendor/common/file.te b/qva/vendor/common/file.te index da27bdd7..05dbcf72 100644 --- a/qva/vendor/common/file.te +++ b/qva/vendor/common/file.te @@ -128,3 +128,7 @@ type vendor_qspmhal_data_file, file_type, data_file_type; type sysfs_memory_offline, sysfs_type, fs_type; type sysfs_qfprom, fs_type, sysfs_type; + +#slub-debug +type sysfs_slab_zshandle_storeuser, fs_type, sysfs_type; +type sysfs_slab_zspage_storeuser, fs_type, sysfs_type; diff --git a/qva/vendor/common/genfs_contexts b/qva/vendor/common/genfs_contexts index d3d6aa88..37f03230 100644 --- a/qva/vendor/common/genfs_contexts +++ b/qva/vendor/common/genfs_contexts @@ -41,3 +41,6 @@ genfscon sysfs /module/rmnet_perf/parameters u:object_r:sysfs_rmnet:s0 genfscon sysfs /kernel/qvr_external_sensor u:object_r:sysfs_qvr_external_sensor:s0 genfscon sysfs /devices/system/memory/ u:object_r:sysfs_memory_offline:s0 + +genfscon sysfs /kernel/slab/zs_handle/store_user u:object_r:sysfs_slab_zshandle_storeuser:s0 +genfscon sysfs /kernel/slab/zspage/store_user u:object_r:sysfs_slab_zspage_storeuser:s0 diff --git a/qva/vendor/common/hal_spu_qti.te b/qva/vendor/common/hal_spu_qti.te index d3664bfc..950e4a20 100644 --- a/qva/vendor/common/hal_spu_qti.te +++ b/qva/vendor/common/hal_spu_qti.te @@ -41,6 +41,9 @@ binder_call(hal_spu_server, hal_spu_client) # Allow the service to be added to hwservice list hal_attribute_hwservice(hal_spu, hal_spu_hwservice) +# Allow access to spss_utils device +allow hal_spu_qti spss_utils_device:chr_file rw_file_perms; + # Allow access to spcom devices allow hal_spu_qti spcom_device:chr_file rw_file_perms; allow hal_spu_qti skp_device:chr_file rw_file_perms; diff --git a/qva/vendor/common/hwservice.te b/qva/vendor/common/hwservice.te index b0083e0a..c7b8e490 100644 --- a/qva/vendor/common/hwservice.te +++ b/qva/vendor/common/hwservice.te @@ -53,3 +53,4 @@ type hal_bluetooth_dun_hwservice, hwservice_manager_type; type hal_qseecom_hwservice, hwservice_manager_type; type hal_spu_hwservice, hwservice_manager_type; type hal_embmssl_hwservice, hwservice_manager_type; +type hal_slmadapter_hwservice, hwservice_manager_type; diff --git a/qva/vendor/common/hwservice_contexts b/qva/vendor/common/hwservice_contexts index 82443ec9..6158afa6 100755 --- a/qva/vendor/common/hwservice_contexts +++ b/qva/vendor/common/hwservice_contexts @@ -72,3 +72,4 @@ vendor.qti.hardware.cryptfshw::ICryptfsHw u:object_r:hal_keym vendor.qti.hardware.qseecom::IQSEECom u:object_r:hal_qseecom_hwservice:s0 vendor.qti.spu::ISPUManager u:object_r:hal_spu_hwservice:s0 vendor.qti.hardware.embmssl::IEmbms u:object_r:hal_embmssl_hwservice:s0 +vendor.qti.hardware.slmadapter::ISlmAdapter u:object_r:hal_slmadapter_hwservice:s0 diff --git a/qva/vendor/common/init_shell.te b/qva/vendor/common/init_shell.te index a36a37d2..b9f46de2 100644 --- a/qva/vendor/common/init_shell.te +++ b/qva/vendor/common/init_shell.te @@ -49,3 +49,12 @@ userdebug_or_eng(` set_prop(qti_init_shell, vendor_audio_debug_prop) set_prop(qti_init_shell, vendor_coresight_prop) ') + +#allow configuring slub debug options +allow qti_init_shell sysfs_slab_zshandle_storeuser:file w_file_perms; +allow qti_init_shell sysfs_slab_zspage_storeuser:file w_file_perms; + +allow qti_init_shell { + sysfs_mmc_host +}:file w_file_perms; + diff --git a/qva/vendor/common/lmkd.te b/qva/vendor/common/lmkd.te index 72b30760..48d9296b 100644 --- a/qva/vendor/common/lmkd.te +++ b/qva/vendor/common/lmkd.te @@ -33,7 +33,7 @@ allow lmkd hwservicemanager:binder call; # Used by LMKD to work with EPOLLWAKEUP events. allow lmkd self:global_capability2_class_set block_suspend; - +allow lmkd proc_vmstat:file r_file_perms; userdebug_or_eng(` allow lmkd kmsg_device:chr_file rw_file_perms; ') diff --git a/qva/vendor/common/property.te b/qva/vendor/common/property.te index c8241d41..69220f66 100644 --- a/qva/vendor/common/property.te +++ b/qva/vendor/common/property.te @@ -91,3 +91,6 @@ type vendor_qvr_prop, property_type; #qmuxd property type ctl_qmuxd_prop, property_type; + +#slm property +type slm_prop, property_type; diff --git a/qva/vendor/common/property_contexts b/qva/vendor/common/property_contexts index d3131271..483d062c 100644 --- a/qva/vendor/common/property_contexts +++ b/qva/vendor/common/property_contexts @@ -123,3 +123,6 @@ ctl.start$vendor.qmuxd u:object_r:ctl_qmuxd_prop:s0 #bluetooth property ro.vendor.bt.enablelazyhal u:object_r:bluetooth_prop:s0 exact bool + +#SLM +persist.vendor.slm. u:object_r:slm_prop:s0 diff --git a/qva/vendor/common/sec_nvm.te b/qva/vendor/common/sec_nvm.te index 2fde9d32..5a06e348 100644 --- a/qva/vendor/common/sec_nvm.te +++ b/qva/vendor/common/sec_nvm.te @@ -40,6 +40,9 @@ allow sec_nvm persist_secnvm_file:file create_file_perms; allow sec_nvm sysfs_scsi_host:file rw_file_perms; +# Allow access to spss_utils device +allow sec_nvm spss_utils_device:chr_file rw_file_perms; + allow sec_nvm spcom_device:chr_file { getattr rw_file_perms }; allow sec_nvm sp_ssr_device:chr_file rw_file_perms; set_prop(sec_nvm, spcomlib_prop) diff --git a/qva/vendor/lito/genfs_contexts b/qva/vendor/lito/genfs_contexts index b80b103c..83c31949 100644 --- a/qva/vendor/lito/genfs_contexts +++ b/qva/vendor/lito/genfs_contexts @@ -1,4 +1,4 @@ -# Copyright (c) 2019, The Linux Foundation. All rights reserved. +# Copyright (c) 2019-2020, The Linux Foundation. All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are @@ -37,6 +37,8 @@ genfscon sysfs /class/qcom-battery u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-000c/98c000.i2c:qcom,smb1355@c:qcom,smb1355-charger@1000/power_supply/parallel u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0010/98c000.i2c:qcom,smb1390@10:qcom,charge_pump/power_supply/charge_pump_master u:object_r:sysfs_battery_supply:s0 genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0018/98c000.i2c:qcom,smb1390_slave@18:qcom,charge_pump_slave/power_supply/cp_slave u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0034/98c000.i2c:qcom,smb1396@34:qcom,div2_cp/power_supply/charge_pump_master u:object_r:sysfs_battery_supply:s0 +genfscon sysfs /devices/platform/soc/98c000.i2c/i2c-2/2-0035/98c000.i2c:qcom,smb1396@35:qcom,div2_cp_slave/power_supply/cp_slave u:object_r:sysfs_battery_supply:s0 #qdss sysfs-node genfscon sysfs /devices/platform/soc/6b05000.tmc/coresight-tmc-etf u:object_r:sysfs_qdss_dev:s0 genfscon sysfs /devices/platform/soc/6048000.tmc/coresight-tmc-etr u:object_r:sysfs_qdss_dev:s0 diff --git a/timeservice/seapp_contexts b/qva/vendor/test/dualsta_app.te index 186c9fdb..851b67a2 100644 --- a/timeservice/seapp_contexts +++ b/qva/vendor/test/dualsta_app.te @@ -25,6 +25,26 @@ # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN # IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# Needed for time service apk -user=_app seinfo=timeserviceapp name=com.qualcomm.timeservice domain=timeservice_app type=app_data_file levelFrom=all +# qva/private/location_app_test.te - sepolicy rules for qti value added +# location apps (internal) that will be part of system image. eg: ODLT, Qlogcat + +type dualsta_app, domain; +app_domain(dualsta_app) + +userdebug_or_eng(` + binder_call(cnd,dualsta_app) + binder_call(dualsta_app,cnd) + allow dualsta_app hal_datafactory_hwservice:hwservice_manager find; + allow dualsta_app activity_service:service_manager find; + allow dualsta_app activity_task_service:service_manager find; + allow dualsta_app audio_service:service_manager find; + allow dualsta_app autofill_service:service_manager find; + allow dualsta_app cgroup:file write; + allow dualsta_app gpu_service:service_manager find; + allow dualsta_app gpuservice:binder call; + allow dualsta_app surfaceflinger_service:service_manager find; + allow dualsta_app system_app_data_file:dir { add_name getattr remove_name search write }; + allow dualsta_app system_app_data_file:file { create getattr map open read setattr unlink write }; + allow dualsta_app textservices_service:service_manager find; +') diff --git a/qva/vendor/test/location_app_test.te b/qva/vendor/test/location_app_test.te index bbb9ac82..b8fe158e 100644 --- a/qva/vendor/test/location_app_test.te +++ b/qva/vendor/test/location_app_test.te @@ -52,4 +52,7 @@ userdebug_or_eng(` allow location_app_test self:qipcrtr_socket create_socket_perms_no_ioctl; allow location_app_test audioserver_service:service_manager find; + + #dontaudit denial location_app_test to access hwservice_manager + dontaudit location_app_test hal_qspmhal_hwservice:hwservice_manager find; ') diff --git a/qva/vendor/test/seapp_contexts b/qva/vendor/test/seapp_contexts index 4aba4c49..a17b0157 100644 --- a/qva/vendor/test/seapp_contexts +++ b/qva/vendor/test/seapp_contexts @@ -32,3 +32,6 @@ user=system seinfo=platform name=.loopbackservice domain=qtiloopback_app type=sy #Add new domain for QDMAUtils user=system seinfo=platform name=com.qualcomm.qti.qdmautils domain=qdmautils_app type=system_app_data_file + +user=_app seinfo=platform name=com.qualcomm.qti.dualstaapp domain=dualsta_app type=app_data_file levelfrom=all + diff --git a/timeservice/mac_permissions.xml b/timeservice/mac_permissions.xml deleted file mode 100644 index 2b7b6d9e..00000000 --- a/timeservice/mac_permissions.xml +++ /dev/null @@ -1,40 +0,0 @@ -<?xml version="1.0" encoding="utf-8"?> -<!-- -Copyright (c) 2019, The Linux Foundation. All rights reserved. - -Redistribution and use in source and binary forms, with or without -modification, are permitted provided that the following conditions are -met: - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following - disclaimer in the documentation and/or other materials provided - with the distribution. - * Neither the name of The Linux Foundation nor the names of its - contributors may be used to endorse or promote products derived - from this software without specific prior written permission. - - THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED - WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT - ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS - BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR - BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE - OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN - IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - --> -<policy> - -<!-- -See /system/sepolicy/private/mac_permissions.xml ---> - - <signer signature="@TIMESERVICE" > - <seinfo value="timeserviceapp" /> - </signer> - -</policy> diff --git a/timeservice/timeservice_app_cert.pk8 b/timeservice/timeservice_app_cert.pk8 Binary files differdeleted file mode 100644 index e1ef6f19..00000000 --- a/timeservice/timeservice_app_cert.pk8 +++ /dev/null diff --git a/timeservice/timeservice_app_cert.x509.pem b/timeservice/timeservice_app_cert.x509.pem deleted file mode 100644 index ad0998b4..00000000 --- a/timeservice/timeservice_app_cert.x509.pem +++ /dev/null @@ -1,24 +0,0 @@ ------BEGIN CERTIFICATE----- -MIID+zCCAuOgAwIBAgIJAMg/RXpMUk2MMA0GCSqGSIb3DQEBCwUAMIGTMQswCQYD -VQQGEwJJTjEQMA4GA1UECAwHVW5rbm93bjEQMA4GA1UEBwwHVW5rbm93bjEkMCIG -A1UECgwbUXVhbGNvbW0gVGVjaG5vbG9naWVzLCBJbmMuMRQwEgYDVQQLDAtUSU1F -U0VSVklDRTEkMCIGA1UEAwwbVElNRVNFUlZJQ0UgUHJpdmlsZWdlZCBBcHBzMB4X -DTE5MDczMTA5MzkyMloXDTQ2MTIxNjA5MzkyMlowgZMxCzAJBgNVBAYTAklOMRAw -DgYDVQQIDAdVbmtub3duMRAwDgYDVQQHDAdVbmtub3duMSQwIgYDVQQKDBtRdWFs -Y29tbSBUZWNobm9sb2dpZXMsIEluYy4xFDASBgNVBAsMC1RJTUVTRVJWSUNFMSQw -IgYDVQQDDBtUSU1FU0VSVklDRSBQcml2aWxlZ2VkIEFwcHMwggEiMA0GCSqGSIb3 -DQEBAQUAA4IBDwAwggEKAoIBAQDHEZhGjzKyYWuz4VYseoKiRXPXQ+3FLj7MYChe -9fj3bqeCmp4h2oX1hrI5y2Nml466K7+XnRmzqoeK1QxPnt6E3jZJttQDojGSyqtA -mA1UDYLeaMYUSk4+rSiJ22xJ2HP0gLxTfV9Gz8N5zsvwB65ZM5q2wL2jZX48aA51 -PcNYbtKeVPKt2ZP1m9LWjEIySjxj1pKhPaQdB3ukCsxZOLv27sqk3JE9Z6n/uWCB -bFt0OuaXZGpIwcKO53X1Bw4/M3wYcWmGNvFBUnRzZA2MTj49f+lprgxkx4GnbU9j -TGl8dxImLCvtvIXYjB8cuLJWhKnS/qoItdRruX4fK1Bkf1nvAgMBAAGjUDBOMB0G -A1UdDgQWBBSZ/rBADK7UrF89aVV5YYOgB0/zyDAfBgNVHSMEGDAWgBSZ/rBADK7U -rF89aVV5YYOgB0/zyDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAF -HG/GPgwZwXD0OgkE44f6CAhBsH2FfbGs4l0oapCJmtbWCNEu7LM0oZbr1J5JFv41 -lug8eOSGb1cTbGZF6hl+6JdO42NGI96A/3mHlffPoUjDuLYcMRUoWfimI+T9PS0W -gRfavA8osdyrBU7QxM0Axp62chWEF3/wmOZRIJd8rW8FpDPrqKZlywnJXDPNm5Wo -9g1WLAuu7bcFGUeed7fOmKPaVzA3aWCPSUTapj30fe0Mq+0ezODLaRhoMpVKuS6z -QlUedAEkBpamFTk90nnWoBpOhwcw2P5L1D3fhzZCAqf8xmp+torqiJxBA+9t6GHK -LR5CTP6cVxCy5pNWkW4Y ------END CERTIFICATE----- |